{ "type": "Domain", "indicator": "times-sync.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/times-sync.com", "alexa": "http://www.alexa.com/siteinfo/times-sync.com", "indicator": "times-sync.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1593732593, "indicator": "times-sync.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "5e4430d06ed4c78cf4aa7872", "name": "PowerBand the APT33 Variant", "description": "Since the Islamic revolution, US and regional rivals have put continuos effort in containing and isolating Iran. Implementing a foreign policy generally addressed as \u201cstrategic loneliness\u201d, Iran\u2019s defense strategy has been designed to compensate for the country\u2019s low level of conventional capabilities with its activity in asymmetric warfare, and especially in the cyber domain.", "modified": "2020-02-12T17:08:41.883000", "created": "2020-02-12T17:07:27.974000", "tags": [ "APT33", "Iran" ], "references": [ "https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/", "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=2928984041#/" ], "public": 1, "adversary": "APT33", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 108, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 13, "FileHash-SHA256": 2, "URL": 4, "email": 10, "hostname": 1 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 386738, "modified_text": "2301 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5c10d62e97d4215c088dfa2e", "name": "Recent Shamoon Wipers", "description": "We came across external reports that the notorious, disk-wiping worm Shamoon, also known as Disttrack, has reemerged with an updated version. We were also able to source several samples of this version of Shamoon that Trend Micro detects as Trojan.Win32.DISTTRACK.AA and Trojan.Win64.DISTTRACK.AA. While there are no obvious indications that this new version is currently in the wild, we are further analyzing the malware to verify its functions and capabilities given its destructive impact.", "modified": "2018-12-24T22:16:57.171000", "created": "2018-12-12T09:34:38.758000", "tags": [], "references": [ "https://twitter.com/ThreatHunting/status/1072771496479735809", "https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html", "https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/", "https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail", "https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/", "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message" ], "public": 1, "adversary": "Shamoon", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-SHA256": 24, "URL": 5, "hostname": 1, "FileHash-SHA1": 5 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 386778, "modified_text": "2715 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6285f40e8e44a7d794362614", "name": "C2_Malicious", "description": "A look at some of the most eye-catching snippets of this year's tech news:-a-day-round:.-..com. (1:00 GMT)..", "modified": "2022-05-19T07:38:54.065000", "created": "2022-05-19T07:38:54.065000", "tags": [], "references": [ "C2_Malicious" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "maletaibi", "id": "168404", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168404/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 269, "hostname": 131 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "1474 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/", "C2_Malicious", "https://twitter.com/ThreatHunting/status/1072771496479735809", "https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail", "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/", "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=2928984041#/", "https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html", "https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/", "https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/" ], "related": { "alienvault": { "adversary": [ "APT33", "Shamoon" ], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "5e4430d06ed4c78cf4aa7872", "name": "PowerBand the APT33 Variant", "description": "Since the Islamic revolution, US and regional rivals have put continuos effort in containing and isolating Iran. Implementing a foreign policy generally addressed as \u201cstrategic loneliness\u201d, Iran\u2019s defense strategy has been designed to compensate for the country\u2019s low level of conventional capabilities with its activity in asymmetric warfare, and especially in the cyber domain.", "modified": "2020-02-12T17:08:41.883000", "created": "2020-02-12T17:07:27.974000", "tags": [ "APT33", "Iran" ], "references": [ "https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/", "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=2928984041#/" ], "public": 1, "adversary": "APT33", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 108, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 13, "FileHash-SHA256": 2, "URL": 4, "email": 10, "hostname": 1 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 386738, "modified_text": "2301 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5c10d62e97d4215c088dfa2e", "name": "Recent Shamoon Wipers", "description": "We came across external reports that the notorious, disk-wiping worm Shamoon, also known as Disttrack, has reemerged with an updated version. We were also able to source several samples of this version of Shamoon that Trend Micro detects as Trojan.Win32.DISTTRACK.AA and Trojan.Win64.DISTTRACK.AA. While there are no obvious indications that this new version is currently in the wild, we are further analyzing the malware to verify its functions and capabilities given its destructive impact.", "modified": "2018-12-24T22:16:57.171000", "created": "2018-12-12T09:34:38.758000", "tags": [], "references": [ "https://twitter.com/ThreatHunting/status/1072771496479735809", "https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html", "https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/", "https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail", "https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/", "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message" ], "public": 1, "adversary": "Shamoon", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-SHA256": 24, "URL": 5, "hostname": 1, "FileHash-SHA1": 5 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 386778, "modified_text": "2715 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6285f40e8e44a7d794362614", "name": "C2_Malicious", "description": "A look at some of the most eye-catching snippets of this year's tech news:-a-day-round:.-..com. (1:00 GMT)..", "modified": "2022-05-19T07:38:54.065000", "created": "2022-05-19T07:38:54.065000", "tags": [], "references": [ "C2_Malicious" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "maletaibi", "id": "168404", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168404/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 269, "hostname": 131 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "1474 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "times-sync.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "times-sync.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780337432.6079178 }